AnsweredAssumed Answered

CyberArk Password Vault - Secured Integration

Question asked by Alex Grant on Dec 5, 2019
Latest reply on Dec 6, 2019 by Kristian Nordman

Hi folks,

 

I'm trying to integrate IGL 7.1.1 P03 with our CyberArk vault through AIM. I have general connectivity, but I can't seem to nail down the secured connection.

 

WSDL URL: <AIM-WSDL-URL>

Authentication: One-Way SSL

 

I've made sure that the root CA cert in my organisation has been added to the /var/lib/ca-certificates/java-cacerts keystore (which is symlinked to $JAVA_HOME/jre/lib/security/cacerts). Its entry type is trustedCertEntry. However, the password vault has difficultly establishing the PKIX path. There are no intermediate certificates, just the root CA and the server certificate.

 

com.aveksa.server.passwordvault.VaultConnectionException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
......

curl -k <AIM-WSDL-URL> works successfully from the server CLI.

Outcomes